lockergoga | c75d27311d7c5271e0a415bf0e4d62da7e4567c38711cc003892884dfeb3b331

Analysis

max time kernel
56s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2023, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
Size

1.2MB
MD5

e82c5e5d888935b99f1d4404eee4d63f
SHA1

e1ceef1881c0b59b7f8c46c4009cf8188ba3a369
SHA256

c75d27311d7c5271e0a415bf0e4d62da7e4567c38711cc003892884dfeb3b331
SHA512

fd426a5bf0b1a5de8e50c6fc5ebe3eafe038d6317372874ea6a2277975403eb9c269834735226b5ab998107ef9f8333411f34cdab0893c1c3665a5277568e229
SSDEEP

24576:W5Rt4El7fc/TFJzjJUgrrCq5sNIwQsUGy1q7a9DlIACTp+kqGslRG4s:Wjt4El7fc/TFJWstwQsPdSDuACTpqhGv

Score

10^/10

lockergoga neshta banker persistence ransomware spyware stealer trojan

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note

Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Emails

[email protected]

Signatures

Detect Neshta payload 15 IoCs

resource	yara_rule
behavioral2/files/0x000700000001effd-26.dat	family_neshta
behavioral2/memory/4740-301-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-548-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-955-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-1431-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-1562-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-1774-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-1820-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-1857-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-1872-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-1926-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-2003-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-2075-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-2116-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4740-2243-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta

LockerGoga
LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
trojan banker lockergoga
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Renames multiple (1602) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4078585466-1563564224-3678410669-1000\Control Panel\International\Geo\Nation	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe

Executes dropped EXE 64 IoCs

pid	Process
2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
4680	tgytutrc9589.exe
4324	tgytutrc9589.exe
4208	tgytutrc9589.exe
4820	tgytutrc9589.exe
744	tgytutrc9589.exe
2188	tgytutrc9589.exe
2872	tgytutrc9589.exe
2888	tgytutrc9589.exe
2332	tgytutrc9589.exe
4228	tgytutrc9589.exe
1668	tgytutrc9589.exe
4536	tgytutrc9589.exe
4944	tgytutrc9589.exe
4636	tgytutrc9589.exe
2956	tgytutrc9589.exe
5056	tgytutrc9589.exe
2408	tgytutrc9589.exe
2168	tgytutrc9589.exe
1112	tgytutrc9589.exe
3612	tgytutrc9589.exe
1708	tgytutrc9589.exe
4604	tgytutrc9589.exe
4168	tgytutrc9589.exe
1088	tgytutrc9589.exe
3648	tgytutrc9589.exe
1124	tgytutrc9589.exe
4436	tgytutrc9589.exe
3964	tgytutrc9589.exe
436	tgytutrc9589.exe
4208	tgytutrc9589.exe
4804	tgytutrc9589.exe
3680	tgytutrc9589.exe
2812	tgytutrc9589.exe
4960	tgytutrc9589.exe
4932	tgytutrc9589.exe
3164	tgytutrc9589.exe
216	tgytutrc9589.exe
912	tgytutrc9589.exe
3448	tgytutrc9589.exe
3292	tgytutrc9589.exe
3032	tgytutrc9589.exe
4772	tgytutrc9589.exe
2104	tgytutrc9589.exe
2236	tgytutrc9589.exe
4192	tgytutrc9589.exe
3692	tgytutrc9589.exe
1604	tgytutrc9589.exe
4956	tgytutrc9589.exe
3452	tgytutrc9589.exe
3320	tgytutrc9589.exe
3772	tgytutrc9589.exe
1396	tgytutrc9589.exe
4496	tgytutrc9589.exe
2332	tgytutrc9589.exe
4284	tgytutrc9589.exe
4656	tgytutrc9589.exe
4020	tgytutrc9589.exe
1912	tgytutrc9589.exe
1668	tgytutrc9589.exe
3744	tgytutrc9589.exe
2020	tgytutrc9589.exe
1008	tgytutrc9589.exe
4464	tgytutrc9589.exe

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYH.TTC	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LEELAWDB.TTF	tgytutrc9589.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.bundle	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML	tgytutrc9589.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackReport.dotx	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\RICEPAPR.ELM	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\SPRING.ELM	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL	tgytutrc9589.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png	tgytutrc9589.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\PREVIEW.GIF	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\THMBNAIL.PNG	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM	tgytutrc9589.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll	tgytutrc9589.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui	tgytutrc9589.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui	tgytutrc9589.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml	tgytutrc9589.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-MX\View3d\3DViewerProductDescription-universal.xml	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.GrayF.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\THMBNAIL.PNG	tgytutrc9589.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll	tgytutrc9589.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	tgytutrc9589.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200_contrast-black.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll	tgytutrc9589.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\misc.exe	tgytutrc9589.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\View3d\3DViewerProductDescription-universal.xml	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	tgytutrc9589.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedAppList.scale-200_contrast-black.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	tgytutrc9589.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden	tgytutrc9589.exe
File opened for modification	C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\SalesReport.xltx	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml	tgytutrc9589.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\PREVIEW.GIF	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\PREVIEW.GIF	tgytutrc9589.exe
File opened for modification	C:\Program Files\Windows Mail\wab.exe	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\THMBNAIL.PNG	tgytutrc9589.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADAL.DLL	tgytutrc9589.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\svchost.com	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
744	tgytutrc9589.exe
744	tgytutrc9589.exe
4228	tgytutrc9589.exe
4228	tgytutrc9589.exe
4208	tgytutrc9589.exe
4208	tgytutrc9589.exe
4820	tgytutrc9589.exe
4820	tgytutrc9589.exe
2188	tgytutrc9589.exe
2188	tgytutrc9589.exe
2332	tgytutrc9589.exe
2332	tgytutrc9589.exe
2872	tgytutrc9589.exe
2872	tgytutrc9589.exe
4820	tgytutrc9589.exe
4820	tgytutrc9589.exe
2188	tgytutrc9589.exe
2188	tgytutrc9589.exe
2872	tgytutrc9589.exe
2872	tgytutrc9589.exe
2332	tgytutrc9589.exe
2332	tgytutrc9589.exe
2188	tgytutrc9589.exe
2188	tgytutrc9589.exe
2888	tgytutrc9589.exe
2888	tgytutrc9589.exe
2332	tgytutrc9589.exe
2332	tgytutrc9589.exe
2188	tgytutrc9589.exe
2188	tgytutrc9589.exe
4228	tgytutrc9589.exe
4228	tgytutrc9589.exe
4208	tgytutrc9589.exe
4208	tgytutrc9589.exe
4820	tgytutrc9589.exe
4820	tgytutrc9589.exe
2872	tgytutrc9589.exe
2872	tgytutrc9589.exe
4324	tgytutrc9589.exe
4324	tgytutrc9589.exe
2332	tgytutrc9589.exe
2332	tgytutrc9589.exe
2188	tgytutrc9589.exe
2188	tgytutrc9589.exe
4820	tgytutrc9589.exe
4820	tgytutrc9589.exe
2872	tgytutrc9589.exe
2872	tgytutrc9589.exe
4208	tgytutrc9589.exe
4208	tgytutrc9589.exe
4324	tgytutrc9589.exe
4324	tgytutrc9589.exe
2188	tgytutrc9589.exe
2188	tgytutrc9589.exe
2332	tgytutrc9589.exe
2332	tgytutrc9589.exe
4820	tgytutrc9589.exe
4820	tgytutrc9589.exe
4324	tgytutrc9589.exe
4324	tgytutrc9589.exe
4208	tgytutrc9589.exe
4208	tgytutrc9589.exe
2332	tgytutrc9589.exe
2332	tgytutrc9589.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
Token: SeBackupPrivilege	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
Token: SeRestorePrivilege	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
Token: SeLockMemoryPrivilege	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
Token: SeCreateGlobalPrivilege	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
Token: SeDebugPrivilege	4680	tgytutrc9589.exe
Token: SeBackupPrivilege	4680	tgytutrc9589.exe
Token: SeRestorePrivilege	4680	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	4680	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	4680	tgytutrc9589.exe
Token: SeDebugPrivilege	744	tgytutrc9589.exe
Token: SeBackupPrivilege	744	tgytutrc9589.exe
Token: SeRestorePrivilege	744	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	744	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	744	tgytutrc9589.exe
Token: SeDebugPrivilege	4324	tgytutrc9589.exe
Token: SeBackupPrivilege	4324	tgytutrc9589.exe
Token: SeRestorePrivilege	4324	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	4324	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	4324	tgytutrc9589.exe
Token: SeDebugPrivilege	4208	tgytutrc9589.exe
Token: SeDebugPrivilege	2332	tgytutrc9589.exe
Token: SeBackupPrivilege	4208	tgytutrc9589.exe
Token: SeBackupPrivilege	2332	tgytutrc9589.exe
Token: SeRestorePrivilege	4208	tgytutrc9589.exe
Token: SeRestorePrivilege	2332	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	4208	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	2332	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	4208	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	2332	tgytutrc9589.exe
Token: SeDebugPrivilege	2888	tgytutrc9589.exe
Token: SeBackupPrivilege	2888	tgytutrc9589.exe
Token: SeRestorePrivilege	2888	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	2888	tgytutrc9589.exe
Token: SeDebugPrivilege	2188	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	2888	tgytutrc9589.exe
Token: SeBackupPrivilege	2188	tgytutrc9589.exe
Token: SeRestorePrivilege	2188	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	2188	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	2188	tgytutrc9589.exe
Token: SeDebugPrivilege	2872	tgytutrc9589.exe
Token: SeDebugPrivilege	4820	tgytutrc9589.exe
Token: SeBackupPrivilege	4820	tgytutrc9589.exe
Token: SeBackupPrivilege	2872	tgytutrc9589.exe
Token: SeRestorePrivilege	2872	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	2872	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	2872	tgytutrc9589.exe
Token: SeRestorePrivilege	4820	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	4820	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	4820	tgytutrc9589.exe
Token: SeDebugPrivilege	4228	tgytutrc9589.exe
Token: SeBackupPrivilege	4228	tgytutrc9589.exe
Token: SeRestorePrivilege	4228	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	4228	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	4228	tgytutrc9589.exe
Token: SeDebugPrivilege	1668	tgytutrc9589.exe
Token: SeBackupPrivilege	1668	tgytutrc9589.exe
Token: SeRestorePrivilege	1668	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	1668	tgytutrc9589.exe
Token: SeCreateGlobalPrivilege	1668	tgytutrc9589.exe
Token: SeDebugPrivilege	4536	tgytutrc9589.exe
Token: SeBackupPrivilege	4536	tgytutrc9589.exe
Token: SeRestorePrivilege	4536	tgytutrc9589.exe
Token: SeLockMemoryPrivilege	4536	tgytutrc9589.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 2264	4740	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe	85
PID 4740 wrote to memory of 2264	4740	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe	85
PID 4740 wrote to memory of 2264	4740	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe	85
PID 2264 wrote to memory of 5036	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe	86
PID 2264 wrote to memory of 5036	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe	86
PID 2264 wrote to memory of 4680	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe	88
PID 2264 wrote to memory of 4680	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe	88
PID 2264 wrote to memory of 4680	2264	2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe	88
PID 4680 wrote to memory of 216	4680	tgytutrc9589.exe	89
PID 4680 wrote to memory of 216	4680	tgytutrc9589.exe	89
PID 4680 wrote to memory of 4936	4680	tgytutrc9589.exe	90
PID 4680 wrote to memory of 4936	4680	tgytutrc9589.exe	90
PID 4680 wrote to memory of 2148	4680	tgytutrc9589.exe	91
PID 4680 wrote to memory of 2148	4680	tgytutrc9589.exe	91
PID 4680 wrote to memory of 2308	4680	tgytutrc9589.exe	92
PID 4680 wrote to memory of 2308	4680	tgytutrc9589.exe	92
PID 4680 wrote to memory of 3436	4680	tgytutrc9589.exe	100
PID 4680 wrote to memory of 3436	4680	tgytutrc9589.exe	100
PID 4680 wrote to memory of 4584	4680	tgytutrc9589.exe	99
PID 4680 wrote to memory of 4584	4680	tgytutrc9589.exe	99
PID 4584 wrote to memory of 3380	4584	net.exe	101
PID 4584 wrote to memory of 3380	4584	net.exe	101
PID 4680 wrote to memory of 2296	4680	tgytutrc9589.exe	102
PID 4680 wrote to memory of 2296	4680	tgytutrc9589.exe	102
PID 2296 wrote to memory of 1912	2296	net.exe	104
PID 2296 wrote to memory of 1912	2296	net.exe	104
PID 4680 wrote to memory of 4324	4680	tgytutrc9589.exe	114
PID 4680 wrote to memory of 4324	4680	tgytutrc9589.exe	114
PID 4680 wrote to memory of 4324	4680	tgytutrc9589.exe	114
PID 4680 wrote to memory of 4208	4680	tgytutrc9589.exe	113
PID 4680 wrote to memory of 4208	4680	tgytutrc9589.exe	113
PID 4680 wrote to memory of 4208	4680	tgytutrc9589.exe	113
PID 4680 wrote to memory of 2332	4680	tgytutrc9589.exe	105
PID 4680 wrote to memory of 2332	4680	tgytutrc9589.exe	105
PID 4680 wrote to memory of 2332	4680	tgytutrc9589.exe	105
PID 4680 wrote to memory of 4820	4680	tgytutrc9589.exe	112
PID 4680 wrote to memory of 4820	4680	tgytutrc9589.exe	112
PID 4680 wrote to memory of 4820	4680	tgytutrc9589.exe	112
PID 4680 wrote to memory of 744	4680	tgytutrc9589.exe	111
PID 4680 wrote to memory of 744	4680	tgytutrc9589.exe	111
PID 4680 wrote to memory of 744	4680	tgytutrc9589.exe	111
PID 4680 wrote to memory of 2188	4680	tgytutrc9589.exe	109
PID 4680 wrote to memory of 2188	4680	tgytutrc9589.exe	109
PID 4680 wrote to memory of 2188	4680	tgytutrc9589.exe	109
PID 4680 wrote to memory of 2872	4680	tgytutrc9589.exe	108
PID 4680 wrote to memory of 2872	4680	tgytutrc9589.exe	108
PID 4680 wrote to memory of 2872	4680	tgytutrc9589.exe	108
PID 4680 wrote to memory of 2888	4680	tgytutrc9589.exe	107
PID 4680 wrote to memory of 2888	4680	tgytutrc9589.exe	107
PID 4680 wrote to memory of 2888	4680	tgytutrc9589.exe	107
PID 4680 wrote to memory of 4228	4680	tgytutrc9589.exe	106
PID 4680 wrote to memory of 4228	4680	tgytutrc9589.exe	106
PID 4680 wrote to memory of 4228	4680	tgytutrc9589.exe	106
PID 4680 wrote to memory of 1668	4680	tgytutrc9589.exe	116
PID 4680 wrote to memory of 1668	4680	tgytutrc9589.exe	116
PID 4680 wrote to memory of 1668	4680	tgytutrc9589.exe	116
PID 4680 wrote to memory of 4536	4680	tgytutrc9589.exe	117
PID 4680 wrote to memory of 4536	4680	tgytutrc9589.exe	117
PID 4680 wrote to memory of 4536	4680	tgytutrc9589.exe	117
PID 4680 wrote to memory of 4944	4680	tgytutrc9589.exe	123
PID 4680 wrote to memory of 4944	4680	tgytutrc9589.exe	123
PID 4680 wrote to memory of 4944	4680	tgytutrc9589.exe	123
PID 4680 wrote to memory of 4636	4680	tgytutrc9589.exe	122
PID 4680 wrote to memory of 4636	4680	tgytutrc9589.exe	122

C:\Users\Admin\AppData\Local\Temp\2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe"
1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Users\Admin\AppData\Local\Temp\3582-490\2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\3582-490\2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c move /y C:\Users\Admin\AppData\Local\Temp\3582-490\2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
    3⤵
    PID:5036
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -m
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4680
  - - C:\Windows\system32\logoff.exe
      C:\Windows\system32\logoff.exe 0
      4⤵
      PID:216
  - - C:\Windows\system32\logoff.exe
      C:\Windows\system32\logoff.exe 0
      4⤵
      PID:4936
  - - C:\Windows\system32\logoff.exe
      C:\Windows\system32\logoff.exe 0
      4⤵
      PID:2148
  - - C:\Windows\system32\logoff.exe
      C:\Windows\system32\logoff.exe 0
      4⤵
      PID:2308
  - - C:\Windows\system32\net.exe
      C:\Windows\system32\net.exe user Admin HuHuHUHoHo283283@dJD
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4584
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user Admin HuHuHUHoHo283283@dJD
        5⤵
        
        PID:3380
  - - C:\Windows\system32\logoff.exe
      C:\Windows\system32\logoff.exe 0
      4⤵
      PID:3436
  - - C:\Windows\system32\net.exe
      C:\Windows\system32\net.exe user Administrator HuHuHUHoHo283283@dJD
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2296
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user Administrator HuHuHUHoHo283283@dJD
        5⤵
        
        PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:744
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious use of AdjustPrivilegeToken
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:436
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:216
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:228
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:716
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4756
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:316
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:952
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:968
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:536
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:744
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3868
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:920
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:336
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      Drops file in Program Files directory
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:968
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:220
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:756
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:744
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:820
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:968
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:436
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:164
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:116
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:744
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:516
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe
      C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe -i SM-tgytutrc -s
      4⤵
      PID:4484

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe

Filesize
2.4MB

MD5
8ffc3bdf4a1903d9e28b99d1643fc9c7

SHA1
919ba8594db0ae245a8abd80f9f3698826fc6fe5

SHA256
8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6

SHA512
0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\2023-08-22_e82c5e5d888935b99f1d4404eee4d63f_locker-goga_neshta_JC.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Admin\AppData\Local\Temp\tgytutrc9589.exe

Filesize
1.2MB

MD5
a875bb6ba6d2c986ed2cf086f1046e4f

SHA1
7cca904e7a581057bd3d21545a097b336fff3fc9

SHA256
cc39fa68ba131e673ef7617e76af43a3094ca1379337339c21e6f687ebed177e

SHA512
d80a3160915a7b494f5058287596241a2716ce3bf0142a91db5dbe6a45634829815afd737023df7bd71eb4d73ee19e226b4cf0be3bcbe12d8ad606e780bfbe69

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\odt\office2016setup.exe

Filesize
5.1MB

MD5
01fffec80e5a8a2a502413fd0e77ec97

SHA1
e33efee9274ad78517d345412d41efd316335808

SHA256
abadba83631411d1580dba6a6a8ba85608c851f0be654be94a574dfaf9d22f77

SHA512
8a0745e10c08383a447a9bf1e504d33ae006b216766b17da30573f36ae7406e7d4d2bbb75a5a9826872bd9d7a940d18cd3563201660e96f4423cf9814e7a0185

Download Submit
memory/4740-548-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-1857-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-955-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-1431-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-1562-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-1774-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-1820-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-301-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-1872-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-1926-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-2003-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-2075-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-2116-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4740-2243-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download